5 matches found
CVE-2024-0702
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible f...
CVE-2024-0702
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible f...
CVE-2024-0702 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible f...
CVE-2024-0702
CVE-2024-0702 concerns the Oliver POS plugin for WordPress. The issue is a missing capability check on several AJAX-hooked functions in includes/class-pos-bridge-install.php, affecting all versions up to and including 2.4.1.8. This design flaw allows authenticated users with subscriber-level acce...
WordPress Oliver POS Plugin <= 2.4.2.0 is vulnerable to Broken Access Control
Software Oliver POS Type Plugin Vulnerable versions = 2.4.2.0 Fixed in 2.4.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0702 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 77e616eb4620 Credits Francesco Carlucci Required...